“Sniffing” is a term that is used in the computer arts to describe the process of monitoring data that has been entered into a computer or a computer system (e.g., network). Although the term can be used to describe legitimate monitoring of data for the purposes of management of a computer or computer system, more often the term is applied to processes used by unauthorized persons, e.g., hackers, to steal information.
One common form of such sniffing is keyboard sniffing. Keyboard sniffing involves recording information that is entered into a computer using a keyboard. Through keyboard sniffing, information such as usernames, passwords, personal identification numbers (PINs), social security numbers, credit card numbers, and the like may be captured and used for illicit or improper purposes. Currently, keyboard sniffing may be classified as either external sniffing or internal sniffing. In external keyboard sniffing, hardware is used to capture entered data. For instance, a recording device is either placed inside the user's keyboard or positioned so as to intercept data that is sent from the keyboard to the computer (e.g., between the keyboard cord and the computer receptacle). In internal sniffing, software is used to capture the entered information. For example, the driver software used to recognize selections entered by the user on his or her keyboard is modified or replaced so that each keystroke is identified and stored (e.g. on the computer's hard disk). Such a modification or replacement can be effected by unleashing a virus on the user's computer.
In either keyboard sniffing scenario, the data captured through the sniffing process is collected by the unauthorized person and the desired information extracted therefrom. Although it may be difficult to identify the pieces of information that are sought (e.g., username and password) from the captured data, it is by no means impossible given that most users enter relatively little information via the keyboard. Moreover, various software applications can be created to identify the desired information.
One problem with keyboard sniffing is that it is difficult to prevent. The reason for this is that the information is obtained as it is entered by the user with the input device (i.e., keyboard), not during data transmission (e.g., to another computer). Therefore, not even the most sophisticated encryption technologies are effective at preventing keyboard sniffing. Furthermore, keyboard sniffing is difficult to detect. Where external keyboard sniffing is used, the user may never realize that a sniffing device was connected to his or her keyboard. Due to recent advances in memory technologies, a large amount of data can be stored within a very small sniffing device. Accordingly, the unauthorized person may be able to connect the sniffing device to the keyboard, collect information over the course of a few days or weeks, and then retrieve the device to identify the desired information.
Where internal keyboard sniffing is used, the amount of data that is stored within the user's computer is relatively small in the typical situation, given that most users do not enter that much information via the keyboard. Therefore, as long as the modified or replaced keyboard driver performs the function of the original, the user may never become aware that the sniffing is occurring.